IAM

DESCRIPTION

Course given in early 2014

Text of IAM

  • 1. Identity access management. Jacques Folon, Partner, Edge Consulting. Senior Lecturer, Université de Liège; Lecturer, ICHEC Brussels Management School; Visiting Professor, Université de Lorraine (Metz); ISFSC, HE F. Ferrer, HELdB (Brussels); Institut Arabe des Chefs d'entreprises (Tunis); Institut Africain de Management (Ouagadougou).

  • 2. Find me online: Jacques.folon@ichec.be, https://www.facebook.com/folon.jacques, http://www.scoop.it/u/jacques-folon, http://www.linkedin.com/in/folon, http://jacquesfolon.tumblr.com/, http://fr.slideshare.net/FOLON, @jacquesfolon
  • 3. This presentation is on www.slideshare.net/folon; it is at your disposal.
  • 4. IAM, outline: 1. What is it? 2. What is the current context? 3. IAM & cloud computing 4. Why do we need it? 5. To-do list 6. IAM and privacy 7. IAM and control 8. e-discovery 9. Conclusion
  • 5. 1. What is IAM? Single Sign-On; Password Management; Secure Remote Access; Federation; Role-based Management; Provisioning; Web Services Security; Auditing & Reporting; Authorization; DRM; Strong Authentication; Directories; PKI. Source: Identity and Access Management: Overview, Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd, rafal@projectbotticelli.co.uk
  • 6. 5 Questions to ask your CISO
  • 7. Q: What's posted on this monitor? a) a password to financial application b) phone messages c) to-dos
  • 8. Q: What determines your employee's access? a) give Alice whatever Wally has b) roles, attributes, and requests c) whatever her manager says
  • 9. Q: Who is the most privileged user in your enterprise? a) security administrator b) CFO c) the summer intern who is now working for your competitor
  • 10. Q: How secure is your identity data? a) It is in 18 different secured stores b) We protect the admin passwords c) Privacy? We don't hold credit card numbers
  • 11. Q: How much are manual compliance controls costing your organization? a) nothing, no new headcount b) don't ask c) don't know
  • 12. Today's IT Challenges. More Compliant Business: increasing regulatory demands; increasing privacy concerns; business viability concerns. More Agile Business: more accessibility for employees, customers and partners; higher level of B2B integrations; faster reaction to changing requirements. More Secured Business: organized crime; identity theft; intellectual property theft; constant global threats.
  • 13. State of Security in Enterprise. Incomplete: multiple point solutions from many vendors; disparate technologies that don't work together. Complex: repeated point-to-point integrations; mostly manual operations. Non-compliant: difficult to enforce consistent set of policies; difficult to measure compliance with those policies.
  • 14. Identity Management Values: trusted and reliable security; efficient regulatory compliance; lower administrative and development costs; enable online business networks; better end-user experience.
  • 15. IAM is not only an IT task! Identity management consists of managing the lifecycle of people (hiring, promotion, transfer, departure, etc.) within the company and the resulting impacts on the information system (creation of user accounts, assignment of user profiles, implementation of access control, etc.). Source: CLUSIF
  • 16. IAM is not only an IT task! This identity management must be possible from a functional point of view by non-IT staff (for example: Human Resources, the project owner, the user themselves) and from a technical point of view by IT staff (for example: administrator, the project implementer). Source: CLUSIF
  • 17. The identity management solution must be a global solution based on a centralised infrastructure with distributed functional management, integrating the following functions: management of the central user repository (fed from source user repositories); management of the central repository of resources covered by access-rights management; entitlement management (management of profiles, roles, users, workflow); provisioning (synchronisation of the target security repositories); decentralised administration; self-administration (users managing their own passwords and private data); audit and reporting; access control (authentication, authorization). Source: CLUSIF
  • 18. Definition. What is Identity Management? Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities. (The Burton Group, a research firm specializing in IT infrastructure for the enterprise.) Identity Management in this sense is sometimes called Identity and Access Management (IAM).
  • 19. Identity and Access Management is the process for managing the lifecycle of digital identities and access for people, systems and services. This includes: User Management: management of large, changing user populations along with delegated- and self-service administration. Access Management: allows applications to authenticate users and allow access to resources based upon policy. Provisioning and De-Provisioning: automates account propagation across applications and systems. Audit and Reporting: review access privileges, validate changes, and manage accountability. Source: CA IAM, J. Tony Goulding, CISSP, ITIL, CA, tony.goulding@ca.com
  • 20. IAM is, for example: "Hello, I am Julie, an INFOSAFE student." (Identity) "This is my password." (Authentication) "I want to access the platform." (Authorization granted) "I want to improve my exam mark." (Authorization denied)
  • 21. But it is also: a new professor; so an email address, to be provided as soon as possible; a password for ICHEC Campus; an Intranet password; an IE Campus password; defining the other services he has access to.
  • 22. What questions should be asked? Are people who they say they are? Are they real members of our community? Have they received the necessary authorizations? Is respect for their personal data in place?
  • 23. Example questions: What type of password should be issued? Which activities are authorized? Which activities are forbidden? To which category of person should this new identity be attached? At what point in the entry process should the authorizations be granted? What control arrangements are in place? Can all of this be proven to an auditor?
  • 24. The triple A of IAM. Authentication: WHO ARE YOU? Authorization / Access Control: WHAT CAN YOU DO? Audit: WHAT HAVE YOU DONE?
  • 25. Components of IAM (diagram). Administration: User Management, Password Management, Workflow, Delegation. Identity Management: Account Provisioning, Account Deprovisioning, Synchronisation. Access Management: Authentication, Authorization. Reliable Identity Data. Source: Identity and Access Management: Overview, Rafal Lukawiecki, Project Botticelli Ltd.
  • 26. 2. Current context. What is the current context underlying the development of IAM?
  • 27. Multiple identities according to F. Cavazza (figure)
  • 28. Identities vary across platforms (figure)
  • 29. Between virtual identity and... In this context, the accumulation of fragments left more or less abandoned draws a portrait in small touches. A bit like pointillist paintings: taken individually, none of the traces is really significant. But the overall picture represents the subject as a whole, in full view of everyone and not necessarily from a desired angle. Source: http://www.buschini.com/2009/12/04/identite-traditionnelle-versus-identite-numerique/
  • 30. Welcome to a digital world. The Internet is based on anonymous communications; companies take part in many networks, generating multiple identities; internal systems sometimes use different identifier schemes; users are the weak links of security; computer crime is increasing; implementing controls requires identification; managing traces is essential; protecting privacy requires controls.
  • 31. A topical subject
  • 32. Explosion of IDs (chart: number of digital IDs over time, Pre 1980s, 1980s, 1990s, 2000s; applications: Mainframe, Client Server, Internet, Mobility, Business Automation; Company (B2E), Partners (B2B), Customers (B2C)). Source: Identity and Access Management: Overview, Rafal Lukawiecki, Project Botticelli Ltd.
  • 33. The Disconnected Reality (diagram: each system has its own Authentication, Authorization and Identity Data; systems shown: Enterprise Directory, HR, Finance, Office, Infra Application, External app, In-House Application, employee Application). "Identity Chaos": many users and applications; many IDs; several identities per user; several logins and passwords; multiple repositories of identity information; multiple user IDs, multiple passwords; decentralised management; business-IT conflicts. Source: Identity and Access Management: Overview, Rafal Lukawiecki, Project Botticelli Ltd.
  • 34. Multiple Contexts (diagram). Contexts shown: your SUPPLIERS; your CUSTOMERS; your COMPANY and your EMPLOYEES; your REMOTE and VIRTUAL EMPLOYEES; your PARTNERS. Items listed: customer satisfaction & customer intimacy; cost competitiveness; reach, personalization; collaboration; outsourcing; faster business cycles, process automation; value chain; M&A; mobile/global workforce; flexible/temp workforce. Source: Identity and Access Management: Overview, Rafal Lukawiecki, Project Botticelli Ltd.
  • 35. Trends Impacting Identity. Rising Tide of Regulation and Compliance: SOX, HIPAA, GLB, Basel II, 21 CFR Part 11; $15.5 billion spend on compliance (analyst estimate). Deeper Line of Business Automation and Integration: one half of all enterprises have SOA under development; web services spending growing 45%. Increasing Threat Landscape: identity theft costs banks and credit card issuers $1.2 billion in 1 yr; $250 billion lost from exposure of confidential info. Maintenance Costs Dominate IT Budget: On average employees need access to 16 apps and syst